Ivan Nardi
In some contexts/deployments (load-balancing or QoS involved, routing on different interfaces based on classification...) it is quite important to have a flow classification on the very FIRST packet of the flow,...
It seems feasible, but not trivial for the general case. Critical points: * there is no standard way to know if there will be a TLS handshake (unlike FTP where...
It seems nDPI has an endianness issue. The attached flow is classified as `BitTorrent` on little-endian machines, but as `RTP.Zoom` on big-endian ones. See https://github.com/ntop/nDPI/actions/runs/3665656103/jobs/6196872432 [BTW, the correct one is...
The goal is only to show that we have some issues on big-endian systems... see https://github.com/ntop/nDPI/issues/1828
Oss-fuzz keeps reporting a memory leak in ahocorasick code, via `fuzz_filecfg_protocols` fuzzer. Some examples (these reports should be public): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64150&q=ndpi&can=1&sort=-id https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62269&q=ndpi&can=1&sort=-id https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61934&q=ndpi&can=1&sort=-id It **seems** that the leak is about inserting...
Should we have only one protocol id for both SMB1 and SMBv2? See: https://github.com/ntop/nDPI/pull/2245#issuecomment-1880926756
Should we do something on nDPI to better support PQ cryptography on TLS? https://blog.cloudflare.com/post-quantum-to-origins/ Ideas: * be sure that we correctly handle HRR TLS message * extract a metadata/risk to...
nDPI should be able to handle TLS messages (in particular, Client Hello) fragmented at the TLS record layer (i.e. when all the fragments are in the *same* TCP segment, i.e....
Right now we have defined 53 different flow risks. We should think about what we need to do to handle more than 63 risks... ``` typedef u_int64_t ndpi_risk; ``` and...